A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | AA | AB | AC | AD | AE | AF | AG | AH | AI | AJ | AK | AL | AM | AN | AO | AP | AQ | AR | AS | AT | AU | AV | AW | AX | AY | AZ | BA | BB | BC | BD | ||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
2 | Entity | alternative name | story | YEAR | YEAR(2) | records lost | ORGANISATION | METHOD OF LEAK | interesting story | NO OF RECORDS STOLEN | DATA SENSITIVITY | UNUSED | UNUSED | Exclude | 1st source link | 2nd source link | 3rd source | source name | |||||||||||||||||||||||||||||||||||||||
3 | Elaboration if there's an interesting story or detail behind it | years are encoded (0=2004, 8 = 2012, 9 = 2013, 10=2014, 11=2015, 12=2016, 13 = 2017, 14=latest | (use 3m, 4m, 5m or 10m to approximate unknown figures) | (use 3m, 4m, 5m or 10m to approximate unknown figures) | 1. Just email address/Online information 20 SSN/Personal details 300 Credit card information 4000 Email password/Health records 50000 Full bank account details | Show this item in the viz? | |||||||||||||||||||||||||||||||||||||||||||||||||||
4 | AOL | American Online | A former America Online software engineer stole 92 million screen names and e-mail addresses and sold them to spammers who sent out up to 7 billion unsolicited e-mails. | 0 | 2004 | 92000000 | web | inside job | 92000000 | 1 | http://money.cnn.com/2004/06/23/technology/aol_spam/ | http://www.msnbc.msn.com/id/8985989/#.UFcN8RgUwaA | CNN | ||||||||||||||||||||||||||||||||||||||||||||
5 | Cardsystems Solutions Inc. | Third-party payment processor for Visa, Mastercard, Amex, and Discover | CardSystems was fingered by MasterCard after it spotted fraud on credit card accounts and found a common thread, tracing it back to CardSystems. An unauthorized entity put a specific code into CardSystems' network, enabling the person or group to gain access to the data. It's not clear how many of the 40 million accounts were actually stolen. | 1 | 2005 | 40000000 | financial | hacked | y | 40000000 | 300 | http://www.msnbc.msn.com/id/8260050/ns/technology_and_science-security/t/million-credit-cards-exposed/#.UFiz7aRYtmg | MSNBC | ||||||||||||||||||||||||||||||||||||||||||||
6 | Ameritrade Inc. | Computer backup tape containing personal information was lost. | online broker | 1 | 2005 | 200000 | financial | lost / stolen device or media | 200000 | 20 | http://www.nbcnews.com/id/7561268/ | NBC | |||||||||||||||||||||||||||||||||||||||||||||
7 | Citigroup | Blame the messenger! A box of computer tapes containing information on 3.9 million customers was lost by United Parcel Service (UPS) while in transit to a credit reporting agency. | 1 | 2005 | 3900000 | financial | lost / stolen device or media | y | 3900000 | 300 | http://www.nytimes.com/2005/06/07/business/07data.html?pagewanted=all&_moc.semityn.www | NY Times | |||||||||||||||||||||||||||||||||||||||||||||
8 | Automatic Data Processing | Business outsourcing, payrolls, benefits | 1 | 2005 | 125000 | financial | poor security | 130000 | 20 | http://abcnews.go.com/Technology/story?id=2160425&page=1#.UFcROxgUwaA | ABC | ||||||||||||||||||||||||||||||||||||||||||||||
9 | AOL | American Online | Durp. AOL VOLUNTARILY released search data for roughly 20 million web queries from 658,000 anonymized users of the service. No one is quite sure why. | 2 | 2006 | 20000000 | web | accidentally published | y | 20000000 | 1 | http://techcrunch.com/2006/08/06/aol-proudly-releases-massive-amounts-of-user-search-data/ | Tech Crunch | ||||||||||||||||||||||||||||||||||||||||||||
10 | KDDI | Japanese telecommunications operator | Press report: "Tokyo police have arrested two men for trying to extort nearly US$90,000 from KDDI Corp. The pair allegedly threatened to disclose the existence of storage media containing personal data belonging to four million KDDI customers prior to a shareholder meeting; however, KDDI alerted the police as soon as they were contacted by the blackmailers; the police monitored communications between KDDI and the pair for several weeks. " | 2 | 2006 | 4000000 | telecoms | hacked | y | 4000000 | 1 | http://www.computerworld.com/s/article/9001150/KDDI_suffers_massive_data_breach | Computer World | ||||||||||||||||||||||||||||||||||||||||||||
11 | Countrywide Financial Corp | Mortgage financer | 2 | 2006 | 2600000 | financial | inside job | 2600000 | 300 | http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml | ITRC | ||||||||||||||||||||||||||||||||||||||||||||||
12 | Hewlett Packard | Laptop lost/stolen containing employee data: names, addresses, Social Security numbers, dates of birth and other employment-related information. | 2 | 2006 | 200000 | tech, retail | lost / stolen device or media | y | 200000 | 20 | http://news.cnet.com/Laptop-with-HP-employee-data-stolen/2100-7348_3-6052964.html | CNET | |||||||||||||||||||||||||||||||||||||||||||||
13 | T-Mobile, Deutsche Telecom | Thieves got their hands on a storage device with the data, which included the names, addresses, cell phone numbers, and some birth dates and e-mail addresses for high-profile German citizens. The company said the records did not contain bank details, credit card numbers, or call data. | 2 | 2006 | 17000000 | telecoms | lost / stolen device or media | 17000000 | 1 | http://www.datalossdb.org | http://www.informationweek.com/security/attacks/t-mobile-lost-17-million-subscribers-per/210700232 | Data Loss Database | |||||||||||||||||||||||||||||||||||||||||||||
14 | US Dept of Vet Affairs | The Veterans Affairs Department agreed to pay $20 million to settle a class action lawsuit over the loss of a laptop. The department originally took three weeks to report the theft. The laptop was recovered with the data apparently intact a month after it was reported stolen. But it is impossible to say with absolute certainty that the data was not accessed and copied. | 2 | 2006 | 26500000 | government, military | lost / stolen device or media | 26500000 | 20 | http://gcn.com/Articles/2009/02/02/VA-data-breach-suit-settlement.aspx | GCN | ||||||||||||||||||||||||||||||||||||||||||||||
15 | Monster.com | Jobs website | A trojan virus stole log-ins that were used to harvest user names, e-mail addresses, home addresses and phone numbers. Soon after phishing e-mails encouraged users to download a Monster Job Seeker Tool, which was in fact a program that encrypted files in their computer and left a ransom note demanding money for their decryption. | 3 | 2007 | 1600000 | web | hacked | y | 1600000 | 20 | http://news.bbc.co.uk/1/hi/6956349.stm | BBC | ||||||||||||||||||||||||||||||||||||||||||||
16 | Hannaford Brothers Supermarket Chain | Delhaize Group: Hannaford Bros, Sweetbay, Food Lion, Bloom, Bottom Dollar, Harveys, Kash n' Karry | An estimated 4.2 million credit and debit card numbers were stolen. | 3 | 2007 | 4200000 | retail | hacked | 4200000 | 300 | http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml | ITRC | |||||||||||||||||||||||||||||||||||||||||||||
17 | TD Ameritrade | US online broker | TD Ameritrade settled a class action lawsuit to compensate as many as 6.3 million TD Ameritrade customers whose data was stolen by hackers costing the Nebraska online brokerage firm less than $2 per victim. | 3 | 2007 | 6300000 | financial | hacked | 6300000 | 1 | http://www.wired.com/threatlevel/2008/07/ameritrade-hack/ | Wired | |||||||||||||||||||||||||||||||||||||||||||||
18 | TK / TJ Maxx | Largest retail breach to date | Hackers hacked a Minnesota store wifi network and stole data from credit and debit cards of shoppers at off-price retailers TJX, owners of nearly 2,500 stores, including T.J. Maxx and Marshalls. This case is believed to be the largest such breach of consumer information. | 3 | 2007 | 94000000 | retail | hacked | 94000000 | 300 | http://www.zdnet.com/wi-fi-hack-caused-tk-maxx-security-breach-3039286991/ | http://www.msnbc.msn.com/id/17871485/ns/technology_and_science-security/t/tj-maxx-theft-believed-largest-hack-ever/#.UFi-HaRYtmg | ZD Net | ||||||||||||||||||||||||||||||||||||||||||||
19 | Texas Lottery | Data on more than 89,000 lottery winners (including names, Social Security numbers, addresses and prize amounts )were taken from the agency without permission by a former computer analyst who copied the password-free data. The employee added he wanted the information "for possible future reference as a programmer at other state agencies." | 3 | 2007 | 89000 | government | inside job | 90000 | 20 | http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml | ITRC | ||||||||||||||||||||||||||||||||||||||||||||||
20 | Compass Bank | A former employee stole a hardrive containing 1m account details from the bank, then used it to defraud cutomers of nearly $32,000. | 3 | 2007 | 1000000 | financial | inside job | y | 1000000 | 300 | http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml | http://www.computerworld.com/s/article/9072198/Programmer_who_stole_drive_containing_1_million_bank_records_gets_42_months | ITRC | ||||||||||||||||||||||||||||||||||||||||||||
21 | Fidelity National Information Services | Employee sold customer information to a data broker, including names, addresses, birth dates, bank account and credit card information. | 3 | 2007 | 8500000 | financial | inside job | 8500000 | 300 | http://www.pcworld.com/article/135117/article.html | PCWorld | ||||||||||||||||||||||||||||||||||||||||||||||
22 | Dai Nippon Printing | Japanese printing company | A former contractor of Dai Nippon Printing Company in Tokyo, Japan stole 8.6 million records containing the personal data of customers of 43 of the company's clients. | 3 | 2007 | 8637405 | retail | inside job | 8600000 | 1 | http://usatoday30.usatoday.com/tech/news/computersecurity/2007-12-30-data_n.htm | USA Today | |||||||||||||||||||||||||||||||||||||||||||||
23 | City and Hackney Teaching Primary Care Trust | Heavily encrypted disks containing details of children are lost by couriers. | 3 | 2007 | 160000 | government | lost / stolen device or media | 160000 | 20 | http://www.computerweekly.com/news/2240104003/Hackney-NHS-trust-encrypts-IT-equipment-following-loss-of-child-data | Computer Weekly | ||||||||||||||||||||||||||||||||||||||||||||||
24 | Gap Inc | Stolen laptop which contained social security numbers, data on people who applied for positions at Gap stores, including Banana Republic and Old Navy, between July 2006 and June 2007. | 3 | 2007 | 800000 | retail | lost / stolen device or media | 800000 | 20 | http://www.pcworld.com/article/137865/article.html | PC World | ||||||||||||||||||||||||||||||||||||||||||||||
25 | Driving Standards Agency | Hard disk with details of candidates for the driving theory test was lost in a premises in Iowa by subcontractors. Only names, addresses and phone numbers. | 3 | 2007 | 3000000 | government | lost / stolen device or media | 3000000 | 20 | http://news.bbc.co.uk/1/hi/uk_politics/7147715.stm | BBC News | ||||||||||||||||||||||||||||||||||||||||||||||
26 | Driving Standards Agency, | Details of candidates for the driving theory test were on a hard drive that went missing in the US. | 3 | 2007 | 3000000 | government | lost / stolen device or media | 3000000 | 20 | http://news.bbc.co.uk/1/hi/uk_politics/7147715.stm | BBC News | ||||||||||||||||||||||||||||||||||||||||||||||
27 | UK Revenue & Customs | HMRC | A set of discs containing confidential details of 25 million child benefit recipients was lost. | 3 | 2007 | 25000000 | government | lost / stolen device or media | 25000000 | 1 | http://news.bbc.co.uk/2/hi/uk_news/7103911.stm | BBC News | |||||||||||||||||||||||||||||||||||||||||||||
28 | Jefferson County | West Virginia, US | "Jefferson County Clerk Jennifer Maghan said she unveiled a new online search tool that enabled residents and business professionals to access nearly 1.6 million documents that are stored in her office via their home computers" | 4 | 2008 | 1600000 | government | accidentally published | y | 1600000 | 20 | http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml | http://www.journal-news.net/page/content.detail/id/511806.html?nav=5006 | ITRC | |||||||||||||||||||||||||||||||||||||||||||
29 | Norwegian Tax Authorities | "Tax authorities said they had accidentally sent CD-ROMs filled with the 2006 tax returns of nearly four million people living in Norway, a country of just 4.6 million inhabitants, to the editorial staff at national newspapers, radios and television stations." | 4 | 2008 | 3950000 | government | accidentally published | y | 4000000 | 20 | http://infowatch.com/node/1289 | Info Watch | |||||||||||||||||||||||||||||||||||||||||||||
30 | RBS Worldpay | the U.S. payment processing arm of The Royal Bank of Scotland Group | The hack primarily effected U.S. prepaid and the gift card issuing business of RBS Worldpay. Actual fraud has been committed on approximately 100 cards. Certain personal information of approximately 1.5 million cardholders and other individuals may have been affected and, of this group, Social Security numbers of 1.1 million people may have been accessed. | 4 | 2008 | 1500000 | financial | hacked | 1500000 | 20 | http://www.theregister.co.uk/2008/12/29/rbs_worldpay_breach/ | The Register | |||||||||||||||||||||||||||||||||||||||||||||
31 | Data Processors International | Provides merchant account establishment and Internet based credit card payment processing services | 4 | 2008 | 5000000 | financial | hacked | 5000000 | 1 | http://money.cnn.com/2003/02/18/technology/creditcards/ | CNN | ||||||||||||||||||||||||||||||||||||||||||||||
32 | Chile Ministry Of Education | A computer hacker in Chile published confidential records belonging to six million people to illustrate the weakness of their security. | 4 | 2008 | 6000000 | government | hacked | 6000000 | 1 | http://news.bbc.co.uk/2/hi/americas/7395295.stm | http://www.geek.com/articles/news/government-servers-in-chile-hacked-6-million-personal-records-made-public-20080514/ | BBC News | |||||||||||||||||||||||||||||||||||||||||||||
33 | Auction.co.kr | South Korea's largest online shopping site | 4 | 2008 | 18000000 | web | hacked | 18000000 | 300 | http://www.darkreading.com/security/perimeter-security/211201111/hacker-steals-data-on-18m-auction-customers-in-south-korea.html | Dark reading | ||||||||||||||||||||||||||||||||||||||||||||||
34 | GS Caltex | Private oil company | Two multimedia discs containing the names, social security numbers, addresses, cell phone numbers, email addresses and workplaces of Korean customers sorted by age were stolen. They were found by an office worker in a backstreet’s trash pile in Seoul. Experts say a GS Caltex employee likely stole the information for personal purposes given there were no signs of hacking. | 4 | 2008 | 11100000 | energy | inside job | 11100000 | 20 | http://www.datalossdb.org | http://english.donga.com/srv/service.php3?biid=2008090631088 | Data Loss Database | ||||||||||||||||||||||||||||||||||||||||||||
35 | Service Personnel and Veterans Agency (UK) | Stolen USBs containing personal information about private lives of staff. | 4 | 2008 | 50500 | government | lost / stolen device or media | 50000 | 20 | http://news.bbc.co.uk/1/hi/england/gloucestershire/7639006.stm | BBC News | ||||||||||||||||||||||||||||||||||||||||||||||
36 | Stanford University | Tens of thousands of past and current Stanford University employees had personal information - including their dates of birth, Social Security numbers and home addresses - stored on the hard drive of a stolen university laptop. | 4 | 2008 | 72000 | academic | lost / stolen device or media | 72000 | 20 | http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml | http://www.sfgate.com/bayarea/article/Stanford-employees-data-on-stolen-laptop-3281185.php | ITRC | |||||||||||||||||||||||||||||||||||||||||||||
37 | UK Home Office | PA Consulting lost an unencrypted memory stick containing details of high risk, prolific and other offenders. | 4 | 2008 | 84000 | government | lost / stolen device or media | 84000 | 20 | http://en.wikipedia.org/wiki/List_of_UK_government_data_losses | Wikipedia | ||||||||||||||||||||||||||||||||||||||||||||||
38 | AT&T | A laptop was stolen from a car containing unencrypted Social Security numbers and bonus/salary info of AT&T employees. | 4 | 2008 | 113000 | telecoms | lost / stolen device or media | y | 100000 | 1 | http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml | ITRC | |||||||||||||||||||||||||||||||||||||||||||||
39 | Starbucks | A laptop was stolen that contained private information on 97,000 employees, including names, addresses and Social Security numbers. Employees tried to sue Starbucks in California winning their case in the appeals court before losing in the higher federal court as they were unable to prove any cognizable harm or injury. | 4 | 2008 | 97000 | retail | lost / stolen device or media | y | 100000 | 20 | http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml | http://privacyblog.littler.com/2011/01/articles/identity-theft/after-starbucks-laptop-is-stolen-alleged-victims-of-identity-theft-win-pyrrhic-victory/ | ITRC | ||||||||||||||||||||||||||||||||||||||||||||
40 | UK Ministry of Defence | Hard drive containing very sensitive details of Armed Forces personnel - passport & national insurance numbers, bank details etc - went missing. Loss was revealed during National Identity Fraud Prevention Week. | 4 | 2008 | 1700000 | government | lost / stolen device or media | y | 1700000 | 50000 | http://news.bbc.co.uk/1/hi/uk_politics/7667507.stm | BBC News | |||||||||||||||||||||||||||||||||||||||||||||
41 | University of Miami | Thieves stole a briefcase containing data tapes out of a vehicle used by a private off-site storage company. Anyone who had been a patient of a University of Miami physician or visited a UM facility since 1999 is likely included on the tapes. The data included names, addresses, Social Security numbers and health information. 47,000 of these records may have included credit card or other financial information regarding bill payment. | 4 | 2008 | 2100000 | academic | lost / stolen device or media | 2100000 | 300 | http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml | ITRC | ||||||||||||||||||||||||||||||||||||||||||||||
42 | University of Utah Hospitals & Clinics | stolen data tapes | The data tapes were stolen by petty thieves from an employee's car. According to police reports the thieves tried - and failed - to view the tapes using a VHS player. | 4 | 2008 | 2200000 | academic | lost / stolen device or media | y | 2200000 | 4000 | http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml | ITRC | ||||||||||||||||||||||||||||||||||||||||||||
43 | BNY Mellon Shareowner Services | Wealth management | A back-up tape, containing over 12 million customers records were lost. | 4 | 2008 | 12500000 | financial | lost / stolen device or media | 12500000 | 1 | http://www.wctv.tv/news/headlines/28132494.html?storySection=comments | ITRC | |||||||||||||||||||||||||||||||||||||||||||||
44 | University of California Berkeley | details on students, alumni and others | 5 | 2009 | 160000 | academic | hacked | 160000 | 300 | http://www.msnbc.msn.com/id/30645920/ns/technology_and_science-security/t/hackers-breach-uc-berkeley-computers/#.UFjFaKRYtmg | ITRC | ||||||||||||||||||||||||||||||||||||||||||||||
45 | Virginia Prescription Monitoring Program | A hacker, who was never arrested, demanded a $10 million ransom for a breach effecting 530,000 Virginians. Social security numbers may have been taken. The data was found in a database containing 35 million prescription records. | 5 | 2009 | 531400 | healthcare | hacked | y | 500000 | 20 | http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml | ITRC | |||||||||||||||||||||||||||||||||||||||||||||
46 | Network Solutions | Domain name registration business | A large-scale infection of WordPress-driven blogs with malicious code led to the compromise of 573,000 debit and credit cards. | 5 | 2009 | 573000 | tech | hacked | 600000 | 300 | http://www.computerworld.com/s/article/9175783/Network_Solutions_sites_hacked_again | http://voices.washingtonpost.com/securityfix/2009/07/network_solutions_hack_comprom.html | ITRC | ||||||||||||||||||||||||||||||||||||||||||||
47 | CheckFree Corporation | Provider of online banking, online bill payment and electronic bill payment services for the financial services industry | Customers who went to CheckFree's Web sites between 12:35 a.m. and 10:10 a.m. on the day of the attack were redirected to a Ukrainian Web server that used malicious software to try and install a password-stealing program on the victim's computer. | 5 | 2009 | 5000000 | financial | hacked | y | 5000000 | 1 | http://www.computerworld.com/s/article/9125078/CheckFree_warns_5_million_customers_after_hack | Computer World | ||||||||||||||||||||||||||||||||||||||||||||
48 | Virginia Dept. Of Health | An extortion demand posted on WikiLeaks sought $10 million to return over 8 million patient records and 35 million prescriptions allegedly stolen from Virginia Department of Health Professions. All 36 servers were shut down to protect records. | 5 | 2009 | 8257378 | government, healthcare | hacked | y | 8300000 | 4000 | http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml | ITRC | |||||||||||||||||||||||||||||||||||||||||||||
49 | RockYou! | Developer of online games (Zoo World/Zoo World 2) and advertising products | The site did not allow users to use special characters or punctuation in their passwords and e-mailed user passwords in plain text. Hackers took advantage of these security lapses, using simple techniques to gain access to 32 million user accounts. | 5 | 2009 | 32000000 | web, gaming | hacked | y | 32000000 | 1 | http://techcrunch.com/2009/12/14/rockyou-hack-security-myspace-facebook-passwords/ | Tech Crunch | ||||||||||||||||||||||||||||||||||||||||||||
50 | Heartland | Independent payment processor | The biggest credit card scam in history, Heartland eventually paid more than $110 million to Visa, MasterCard, American Express and other card associations to settle claims related to the breach. | 5 | 2009 | 130000000 | financial | hacked | y | 130000000 | 300 | http://www.forbes.com/sites/davelewis/2015/05/31/heartland-payment-systems-suffers-data-breach/#155d10312985 | Guardian | ||||||||||||||||||||||||||||||||||||||||||||
51 | US Dept of Defense | "According to a report to Congress, assessment forms of 72,000 service members who returned from deployment to Iraq or Afghanistan between Jan 1, 2007 to May 31, 2008 were breached. The forms ask for the service member's SSN,. Name, date of birth." | 5 | 2009 | 72000 | military | lost / stolen device or media | y | 72000 | 20 | http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml | ITRC | |||||||||||||||||||||||||||||||||||||||||||||
52 | US National Guard | About 131,000 former and current Army Guard members potentially affected when a personal laptop owned by an Army Guard contractor was stolen. Database incuded names, Social Security Numbers, incentive payment amounts and payment dates. | 5 | 2009 | 131000 | military | lost / stolen device or media | y | 130000 | 20 | http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml | ITRC | |||||||||||||||||||||||||||||||||||||||||||||
53 | Affinity Health Plan, Inc. | A rented photocopier used to copy health records did not have its hard-drive wiped before its return. | 5 | 2009 | 344579 | healthcare | lost / stolen device or media | y | 300000 | 4000 | http://security-hack1.blogspot.com/2010/04/affinity-health-plan-alerts-public.html | http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html | US Gov | ||||||||||||||||||||||||||||||||||||||||||||
54 | Blue Cross Blue Shield of Tennessee | US health insurance organization | A thief stole 57 hard drives from the closet of a BlueCross call center in Chattanooga, Tenn. Data on the stolen hard drives was encoded but not encrypted. Bluecross stated there was no evidence the information was accessed due to the specialized nature of the hardware stolen. | 5 | 2009 | 1023209 | healthcare | lost / stolen device or media | y | 1000000 | 20 | http://www.scmagazine.com/thief-steals-57-hard-drives-from-bluecross-blueshield-of-tennessee/article/162178/ | http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html | US Gov | |||||||||||||||||||||||||||||||||||||||||||
55 | AvMed, Inc. | Two company laptops containing names, addresses, dates of birth, Social Security numbers and health-related information. | 5 | 2009 | 1220000 | healthcare | lost / stolen device or media | 1200000 | 20 | http://www.governmentsecurity.org/latest-security-news/laptop-theft-exposes-private-info-of-avmed-health-plansaapos-customers.html | http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html | US Gov | |||||||||||||||||||||||||||||||||||||||||||||
56 | Health Net | Largest US publicly traded managed health care company | A portable hard drive with seven years of personal and medical information on about 1.5 million Health Net customers was lost for six months before being reported. | 5 | 2009 | 1500000 | healthcare | lost / stolen device or media | y | 1500000 | 4000 | http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml | ITRC | ||||||||||||||||||||||||||||||||||||||||||||
57 | US Military | Without first destroying the data the agency sent back a defective unencrypted hard drive for repair and recycling which held detailed records on 76 million veterans, including millions of Social Security numbers dating to 1972. | 5 | 2009 | 76000000 | military | lost / stolen device or media | y | 76000000 | 20 | http://www.wired.com/threatlevel/2009/10/probe-targets-archives-handling-of-data-on-70-million-vets/ | ITRC | |||||||||||||||||||||||||||||||||||||||||||||
58 | Yale University | 6 | 2010 | 43000 | academic | accidentally published | 40000 | 20 | http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml | ITRC | |||||||||||||||||||||||||||||||||||||||||||||||
59 | AT&T | US Telecoms company | Details of iPad 3G users hacked from AT&T website, thought to include those of White House chief of staff Rahm Emanuel. | 6 | 2010 | 114000 | telecoms | hacked | y | 100000 | 1 | http://www.guardian.co.uk/technology/2010/jun/10/apple-ipad-security-leak?INTCMP=SRCH | Guardian | ||||||||||||||||||||||||||||||||||||||||||||
60 | Ankle & foot Center of Tampa Bay, Inc. | The information hacked included information such as patient names, social security numbers, date of birth, home addressees, account numbers, and healthcare services and related diagnostic codes. | 6 | 2010 | 156000 | healthcare | hacked | 160000 | 4000 | http://www.phiprivacy.net/?p=5743 | http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html | US Gov | |||||||||||||||||||||||||||||||||||||||||||||
61 | Seacoast Radiology, PA | Computer gamers hacked a server at Seacoast Radiology in Rochester in search of more bandwidth in November to play Call of Duty: Black Ops. In the process they also gained access to personal records of the more than 230,000 patients of the health center. | 6 | 2010 | 231400 | healthcare | hacked | y | 200000 | 20 | http://www.fosters.com/apps/pbcs.dll/article?AID=/20110120/GJNEWS_01/701209744 | http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html | US Gov | ||||||||||||||||||||||||||||||||||||||||||||
62 | US Federal Reserve Bank of Cleveland | A Malaysian man has been charged with hacking into major U.S. corporations, including the U.S. Federal Reserve Bank of Cleveland and FedComp after U.S. Secret Service investigators found more than "400,000 stolen credit and debit card account numbers allegedly obtained by hacking into various computer systems of other financial institutions" | 6 | 2010 | 400000 | financial | hacked | 400000 | 300 | http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml | ITRC | ||||||||||||||||||||||||||||||||||||||||||||||
63 | Puerto Rico Department of Health | Double whammy. Two separate breaches. On September 3rd, 2010 data on 115,000 people was stolen from unauthorized access of an electronic device, on the 21st they reported an additional 400,000 records were hacked. | 6 | 2010 | 515000 | healthcare | hacked | 500000 | 4000 | http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html | US Gov | ||||||||||||||||||||||||||||||||||||||||||||||
64 | Ohio State University | 6 | 2010 | 760000 | academic | hacked | 800000 | 20 | http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml | ITRC | |||||||||||||||||||||||||||||||||||||||||||||||
65 | Gawker.com | US news and gossip blog network including Gawker.com Gizmodo.com Lifehacker.com | Hacked. 1.5 Million usernames, emails, passwords taken. | 6 | 2010 | 1500000 | web | hacked | 1500000 | 20 | http://www.guardian.co.uk/technology/2010/dec/13/gawker-hackers-passwords-twitter-wikileaks?INTCMP=SRCH | http://www.mediaite.com/online/gawker-medias-entire-commenter-database-appears-to-have-been-hacked/ | Guardian | ||||||||||||||||||||||||||||||||||||||||||||
66 | Betfair | UK gambling site | Betfair waited 18 months to report the breach of their online gambling site, alarming banking institutions and security experts. Betfair's systems breach, which occurred in March and April 2010, was not uncovered until this past May, when a server crashed. | 6 | 2010 | 2300000 | web | hacked | 2300000 | 300 | http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml | ITRC | |||||||||||||||||||||||||||||||||||||||||||||
67 | Embassy Cables | Confidential communications between 274 embassies in countries throughout the world and the State Department in Washington DC, between 1966-2010. | Wikileaks | 6 | 2010 | 251000 | government | inside job | 300000 | 50000 | http://wikileaks.org/cablegate.html | Wikileaks | |||||||||||||||||||||||||||||||||||||||||||||
68 | US Military | Wikileaks / Bradley Manning/Cablegate. | WIKILEAKS! | 6 | 2010 | 260000 | military | inside job | y | 300000 | 50000 | http://www.guardian.co.uk/news/datablog/2010/nov/29/wikileaks-cables-data | Guardian | ||||||||||||||||||||||||||||||||||||||||||||
69 | Classified Iraq War documents | Wikileaks | 6 | 2010 | 392000 | government | inside job | 400000 | 20 | http://www.forbes.com/sites/andygreenberg/2010/10/22/wikileaks-reveals-the-biggest-classified-data-breach-in-history/ | Forbes | ||||||||||||||||||||||||||||||||||||||||||||||
70 | Colorado government | Department of Health Care Policy & Financing | 6 | 2010 | 105470 | healthcare | lost / stolen device or media | 100000 | 20 | http://www.databreaches.net/?p=12611 | http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html | US Gov | |||||||||||||||||||||||||||||||||||||||||||||
71 | Lincoln Medical & Mental Health Center | 130,495 patients lost their protected health information after seven CDs were lost in transit. | 6 | 2010 | 130495 | healthcare | lost / stolen device or media | 130000 | 4000 | http://www.phiprivacy.net/?tag=lincoln-medical-and-mental-health-center | http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html | US Gov | |||||||||||||||||||||||||||||||||||||||||||||
72 | Emergency Healthcare Physicians, Ltd. | A Chicago emergency physician group | The stolen portable hard drive is believed to have contained records from 2003 to 2006 that included patient names, addressees, phone numbers, birth dates, Social Security numbers, and, in some cases, drivers' license numbers. | 6 | 2010 | 180111 | healthcare | lost / stolen device or media | 180000 | 4000 | http://www.healthcareinfosecurity.com/chicago-breach-affects-180000-a-2496 | http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html | US Gov | ||||||||||||||||||||||||||||||||||||||||||||
73 | Triple-S Salud, Inc. | Puerto-Rican health insurance company | 6 | 2010 | 398000 | healthcare | lost / stolen device or media | 400000 | 4000 | https://www.databreaches.net/puerto-rico-dept-of-health-reports-breach-affecting-400000-triple-s-salud-fined-100k/ | Data Breaches | ||||||||||||||||||||||||||||||||||||||||||||||
74 | South Shore Hospital, Massachusetts | South Shore Hospital hired a contractor to destroy files no longer in use and lost the shipment. The back-up computer files possibly contained names, addresses, phone numbers, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, patient numbers, health plan information, protected health information including diagnoses and treatments. As well as bank account and credit card numbers for some. Patients, employees, physicians, volunteers, donors, vendors and other business partners were effected. | 6 | 2010 | 800000 | healthcare | lost / stolen device or media | 800000 | 50000 | http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml | ITRC | ||||||||||||||||||||||||||||||||||||||||||||||
75 | New York City Health & Hospitals Corp. | New York City Health & Hospitals Corporation's North Bronx Healthcare Network | 6 | 2010 | 1700000 | healthcare | lost / stolen device or media | 1700000 | 4000 | http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html | US Gov | ||||||||||||||||||||||||||||||||||||||||||||||
76 | JP Morgan Chase | In 2007, the personal information of approximately 2.6 million current and former holders of a Chase-Circuit City credit card had been mistakenly identified as trash and thrown out in garbage bags outside five branch offices in New York. | 6 | 2010 | 2600000 | financial | lost / stolen device or media | y | 2600000 | 300 | http://www.pcworld.com/article/131453/article.html | ITRC | |||||||||||||||||||||||||||||||||||||||||||||
77 | Educational Credit Management Corp | US student loan guarantor | A contractor for the US Department of Education stole the records of 3.3 million people. Data included names, addresses, Social Security numbers and dates of birth of borrowers, but no financial or bank account information. | 6 | 2010 | 3300000 | financial | lost / stolen device or media | y | 3300000 | 20 | http://www.foxnews.com/us/2010/03/26/student-loan-company-data-m-people-stolen/ | ITRC | ||||||||||||||||||||||||||||||||||||||||||||
78 | US Army | 7 | 2011 | 50000 | military | accidentally published | 50000 | 1 | http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml | ITRC | |||||||||||||||||||||||||||||||||||||||||||||||
79 | State of Texas | 3.5 million records were accidentally published online including people's names, mailing addresses, social security numbers, and in some cases dates of birth and driver's license numbers. | 7 | 2011 | 3500000 | government | accidentally published | 3500000 | 20 | http://www.informationweek.com/security/attacks/texas-data-breach-exposed-35-million-rec/229401489?queryText=Texas%20data%20leak | Information Week | ||||||||||||||||||||||||||||||||||||||||||||||
80 | Writerspace.com | Website design and hosting for writers | Hacker group LulzSec released the e-mails and passwords, 12,000 of which were confirmed to originate from Writerspace.com. | 7 | 2011 | 62000 | web | hacked | 62000 | 1 | http://www.pcmag.com/article2/0,2817,2387186,00.asp | PC Mag | |||||||||||||||||||||||||||||||||||||||||||||
81 | University of Wisconsin - Milwaukee | 7 | 2011 | 73000 | academic | hacked | 73000 | 20 | http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml | ||||||||||||||||||||||||||||||||||||||||||||||||
82 | US Law Enforcement | "AntiSec" hackers published 2,719 social security numbers, 8,214 passwords, 15,798 birth dates, 48,182 street addresses, 1,531,628 email addresses, 106,691 phone numbers, 57 bank account numbers, 53 driver's license numbers, and eight credit card numbers of more than 70 different U.S. law enforcement agencies. | 7 | 2011 | 123461 | government | hacked | 130000 | 300 | http://www.pcmag.com/article2/0,2817,2390683,00.asp | PC World | ||||||||||||||||||||||||||||||||||||||||||||||
83 | San Francisco Public Utilities Commission | 7 | 2011 | 180000 | government | hacked | 180000 | 1 | http://news.cnet.com/8301-27080_3-20068386-245/sf-utilities-agency-warns-of-potential-breach/ | CNET | |||||||||||||||||||||||||||||||||||||||||||||||
84 | Bethesda Game Studios | US video game company (Elder Scrolls, Fallout 3) | Hacking collective Lulzsec stole account information of 200,000 user. | 7 | 2011 | 200000 | gaming | hacked | 200000 | 1 | http://www.pcworld.com/article/231215/lulzsec_a_short_history_of_hacking.html | PC World | |||||||||||||||||||||||||||||||||||||||||||||
85 | Restaurant Depot | food, equipment, and supplies for restaurants | 7 | 2011 | 200000 | retail | hacked | 200000 | 300 | http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml | ITRC | ||||||||||||||||||||||||||||||||||||||||||||||
86 | Epsilon | Marketing email provider | Apr 2011. Names & email addresses of customers of Barclaycard US, Capital One, JP Morgan, Citigroup & other firms have been stolen. | 7 | 2011 | 3000000 | web | hacked | 3000000 | 1 | https://www.theguardian.com/technology/2011/apr/04/epsilon-email-hack | The Guardian | |||||||||||||||||||||||||||||||||||||||||||||
87 | Massachusetts Government | Massachusetts Executive Office of Labor and Workforce | Over 1,500 departmental computers were infected with the W32.QAKBOT virus, a malicious program which “downloads additional files, steals information, and opens a back door on the compromised computer”. | 7 | 2011 | 210000 | government | hacked | y | 200000 | 50000 | http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml | ITRC | ||||||||||||||||||||||||||||||||||||||||||||
88 | Southern California Medical-Legal Consultants | Electronic files containing names and social security numbers of approximately 300,000 individuals who have applied for California workers’ compensation benefits had been exposed to unauthorized access. | 7 | 2011 | 300000 | healthcare | hacked | 300000 | 20 | http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml | ID theft centre | ||||||||||||||||||||||||||||||||||||||||||||||
89 | Honda Canada | Names, addresses and vehicle identification numbers were taken from the company’s eCommerce websites myHonda and myAcura | 7 | 2011 | 283000 | retail | hacked | y | 300000 | 20 | http://www.guelphmercury.com/news-story/2200845-honda-canada-hit-by-online-security-breach-283-000-car-owners-personal-data-stolen/ | Guelph Mercury | |||||||||||||||||||||||||||||||||||||||||||||
90 | Citigroup | Less than 1% of Citbank card holders' names, account numbers, and contact information such as e-mail addresses were stolen. Card security codes were not stolen. | 7 | 2011 | 360083 | financial | hacked | 400000 | 300 | http://www.pcworld.com/article/229891/Citigroup_Hack_Nets_Over_200k_in_Stolen_Customer_Details.html | PC World | ||||||||||||||||||||||||||||||||||||||||||||||
91 | Stratfor | geopolitical intelligence firm | Hacking collective Anonymous defaced the website of Stratfor and posted online what they claimed was Stratfor's confidential client list, along with credit card details, passwords and home addresses for those clients. They released 47,680 unique e-mail addresses and 50,277 unique credit card numbers — 9,651 of which were not yet expired. Of the stolen encrypted passwords, 50% were easily crackable. Stratfor has stated that it was not the firm's client list that was released, but rather Stratfor's list of individual subscribers to their online publication. | 7 | 2011 | 935000 | military | hacked | 900000 | 300 | http://bits.blogs.nytimes.com/2011/12/27/questions-about-motives-behind-stratfor-hack/ | NY Times | |||||||||||||||||||||||||||||||||||||||||||||
92 | Sony Pictures | LulzSec hacking collective stated all of the information it took was unencrypted, “Sony stored over 1,000,000 passwords of its customers in plaintext." More than 1 million user accounts were compromised. An additional 75,000 music codes and 3.5 million coupons were also uncovered. | 7 | 2011 | 1000000 | web | hacked | y | 1000000 | 1 | http://mashable.com/2011/06/02/sony-pictures-hacked/ | Mashable | |||||||||||||||||||||||||||||||||||||||||||||
93 | Oregon Department of Motor Vehicles | Sheriff's detectives arrested Tim Nuss for accessing an old Oregon Department of Motor Vehicles database. The DMV database was once sold to marketing companies, but the department stopped selling the information in the late 1990s. The sold data include the names, addresses, birth dates, gender and ages of people who registered with the DMV, but no financial information. | 7 | 2011 | 1000000 | government | hacked | 1000000 | 20 | http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml | ITRC | ||||||||||||||||||||||||||||||||||||||||||||||
94 | Sega | Information stolen during the hack includes names, birth dates, e-mail addresses and passwords from Sega Pass, a system for users interested in newsletters and for registering certain products. | 7 | 2011 | 1290755 | gaming | hacked | 1300000 | 20 | http://www.zdnet.com/blog/gamification/sega-1-3-million-customer-records-hacked-lulzsec-promises-retribution/481 | ZD Net | ||||||||||||||||||||||||||||||||||||||||||||||
95 | Washington Post | Unknown hackers broke into The Washington Post's jobs website stealing about 1.27 million user IDs and email addresses. | 7 | 2011 | 1270000 | media | hacked | 1300000 | 20 | http://www.pcmag.com/article2/0,2817,2388200,00.asp | PC Mag | ||||||||||||||||||||||||||||||||||||||||||||||
96 | China Software Developer Network | 7 | 2011 | 6000000 | web | hacked | 6000000 | 1 | http://www.zdnet.com/blog/security/chinese-hacker-arrested-for-leaking-6-million-logins/11064 | ZD Net | |||||||||||||||||||||||||||||||||||||||||||||||
97 | 178.com | gaming website | 7 | 2011 | 10000000 | web | hacked | 10000000 | 1 | http://www.ehackingnews.com/2011/12/hackers-compromised-38-million-chinese.html | eHacking News | ||||||||||||||||||||||||||||||||||||||||||||||
98 | Nexon Korea Corp | Personal data of subscribers to online game Maple Story was leaked. | game developer | 7 | 2011 | 13200000 | web | hacked | 13200000 | 20 | http://www.reuters.com/article/2011/11/26/us-korea-hacking-nexon-idUSTRE7AP09H20111126 | Reuters | |||||||||||||||||||||||||||||||||||||||||||||
99 | Sony Online Entertainment | Hacked by LulzSec. In addition to the Sony Playstation Network breach, compromised 77 million records. More than 23,000 lost financial data, according to Sony. | 7 | 2011 | 24600000 | gaming | hacked | 24600000 | 300 | http://www.computerworld.com/s/article/9216343/Sony_cuts_off_Sony_Online_Entertainment_service_after_hack | Computer World | ||||||||||||||||||||||||||||||||||||||||||||||
100 | Tianya | Usernames, clear tect passwords and email addresses hacked. | blogging site | 7 | 2011 | 28000000 | web | hacked | 28000000 | 1 | http://www.scmagazine.com.au/News/349585,28-million-clear-text-passwords-found-after-tianya65279-hack.aspx | SC Mag |